SSH user, via Open Directory, can't SUDO...

1129 Views 1 Reply Latest reply: Mar 22, 2012 3:33 PM by Esther Mofet
kristin. Level 2 (230 points)
Mar 22, 2012 11:17 AM

On three of my Xserves I have SSH access restricted to a handful of users and these users are Open Directory-based users. Aside from the fact that these users don't have a home directory on the servers they connect to (as they're not local users to those machines), I'm having an issue where, when they try and run a command via SUDO, they get an error stating they are not in the sudoers file and thus can't complete the command.

 

I'm wondering if anyone has a solution for this? Should I not be using OD-based users for SSH?

 

Thanks,

Kristin.

  • Esther Mofet Level 1 (130 points)
    Mar 22, 2012 3:33 PM (in response to kristin.)

    Sure, you can use OD-based users and sudo.

     

    Maybe add your users to the domain's Administrators group, which, by default, would grant sudo on the member machines. Careful, though, as that's the _domain_ administration group. If you need to restrict access so they can't make domain admin level changes but so they can do just about anything on your member servers and workstations, you could just create a new sudo group, maybe called "sudo-admins" then append an appropriate line to the sudoers files on all of your machines... maybe a line that reads:

     

    %sudo-admins  ALL=(ALL) ALL

     

    (standard warning about using caution while editing sudoers goes here -- be careful)
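
One way to apply the sudoers line suggested in the reply above so that a syntax error cannot break sudo on the server; this is an added example, not part of the original thread. The function name `append_sudoers_rule` and the `SUDOERS_CHECK` override are hypothetical; `visudo -cf` is the standard syntax checker.

```shell
#!/bin/sh
# Added example: append one rule to a sudoers file only if the result parses.
# Usage (as root): append_sudoers_rule /etc/sudoers '%sudo-admins  ALL=(ALL) ALL'
# SUDOERS_CHECK is a hypothetical override for the checker (default: visudo -cf).

append_sudoers_rule() {
    target=$1    # sudoers file to change
    rule=$2      # exact line to add
    check=${SUDOERS_CHECK:-visudo -cf}

    # Idempotent: if the exact line is already present, change nothing.
    if grep -qxF -- "$rule" "$target"; then
        return 0
    fi

    # Build the candidate in the same directory so the final mv is an
    # atomic rename; the live file is never left half-written.
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    cat "$target" > "$tmp" && printf '%s\n' "$rule" >> "$tmp" || {
        rm -f "$tmp"
        return 1
    }

    # Refuse to install a file the checker rejects; the original is untouched.
    if ! $check "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        return 2
    fi

    # sudo ignores a sudoers file with loose permissions, so set 0440 first.
    chmod 0440 "$tmp" && mv -f "$tmp" "$target"
}
```

After installing the rule, `id <user>` or `dseditgroup -o checkmember -m <user> sudo-admins` on the member server confirms that the directory group actually resolves there.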
